Thermal imaging iPhone accessory helps crack keypad codes

By Edd Gent

Published Friday, August 21, 2015

Criminals can use a readily available iPhone accessory that costs less than £200 to steal codes for push button security devices.

Cyber-security consultancy Sec-Tec used the Flir One thermal imaging accessory, just one of many that such devices available online, which works with iPhones, iPads and Android smartphones and tablets.

The team used the device to pick up the residual heat left on a keypad's buttons by the warm fingers of a user. They tested the technique on a variety of push-button security devices, including ATMs, locks and safes, and found that several still revealed the digits pressed by a legitimate user over a minute after use.

"The increasing availability of cheap thermal imaging equipment – once the sole preserve of only the best-equipped attacker – is creating an ever-increasing risk to push-button security devices," the consultancy said in a statement.

Though the accessory was easily able to identify the keys pressed by the user, pinpointing the order in which they were pressed was considerably more difficult, but as many of the devices had no lock-out mechanism a hostile user could quickly test all combinations of a four-digit code once the digits are known.

The firm also said it had created two undisclosed methods that "assist considerably in the identification of key ordering" and managed to combine the thermal imaging technique with existing RFID cloning equipment to successfully compromise two-factor door locks on a physical-penetration test.

To avoid the dangers posed by thermal imaging, the consultancy recommended using devices with metal rather than plastic or rubber, which hold heat for longer, and placing the entire palm on the keypad for a few seconds after use to throw attackers off the scent.